česky | english
This page show you how to configure Exim4 to use a certficate. This example was used on a Debian system, but should be similar for most other systems.
Generate local server-side certificate
Run the command:
(adding the '--force' option if you have already done this once.
openssl req -new -key /etc/exim4/exim.key -out /etc/exim4/exim.csr
supplying values at the prompt.
Generate CAcert certificate
Create a new server certificate and paste the contents of the file /etc/exim4/exim.csr where prompted.
Then copy what is generated to the file /etc/exim4/exim.crt (over-writing its existing contents).
Update Exim configuration files
For split-file configuration, edit the file /etc/exim4/conf.d/main/03_exim4-config_tlsoptions and uncomment:
# log_selector = +tls_cipher +tls_peerdn # tls_advertise_hosts = * # tls_certificate = CONFDIR/exim.crt # tls_privatekey = CONFDIR/exim.key
Then, activate the exim4 changes by:
update-exim4.conf /etc/init.d/exim4 restart
Following help file has been taken from Debian Exim4 package: http://cvs.alioth.debian.org/cgi-bin/cvsweb.cgi/~checkout~/exim/exim/debian/README.TLS?rev=1.12&content-type=text/plain&cvsroot=pkg-exim4
A modified version of this information can be found on the Exim Wiki at http://www.exim.org/eximwiki/EximServerSslCertificate - please take informational changes to there too.
http://www.credentia.cc/certs/howto/exim.html describes how to enable verification against a CA certificate.